ahmyth | 0da4f4ab01a1a53088d2cb063e198621dc1bf50f6642af37aa0329778233650c | Triage

Sharing

General

Target

0da4f4ab01a1a53088d2cb063e198621dc1bf50f6642af37aa0329778233650c
Size

5.2MB
Sample

240708-m9z17sycja
MD5

ea19f32573cc0d6d254f71ae3d2b4ee4
SHA1

a17f77c0f98613bf349b038b9bc353082349c7aa
SHA256

0da4f4ab01a1a53088d2cb063e198621dc1bf50f6642af37aa0329778233650c
SHA512

a6745e03176608739ef5442304a79edf140396c474a0b740602aedf287d975fc547a463e63596052a50edb44ba9698317645f2984e0b986c91faf69bf4001f0b
SSDEEP

98304:vsANE27a8S0HZ2avfSI86YMAIrkPzcQVefNu3vpZ6GhrnwdHTzdccA2dDGcS0frg:vsipa8H/vvdk73WNw6kExxcV2l8

Score

10^/10

ahmyth android discovery evasion persistence

Malware Config

Targets

- Target
  
  0da4f4ab01a1a53088d2cb063e198621dc1bf50f6642af37aa0329778233650c
- Size
  
  5.2MB
- MD5
  
  ea19f32573cc0d6d254f71ae3d2b4ee4
- SHA1
  
  a17f77c0f98613bf349b038b9bc353082349c7aa
- SHA256
  
  0da4f4ab01a1a53088d2cb063e198621dc1bf50f6642af37aa0329778233650c
- SHA512
  
  a6745e03176608739ef5442304a79edf140396c474a0b740602aedf287d975fc547a463e63596052a50edb44ba9698317645f2984e0b986c91faf69bf4001f0b
- SSDEEP
  
  98304:vsANE27a8S0HZ2avfSI86YMAIrkPzcQVefNu3vpZ6GhrnwdHTzdccA2dDGcS0frg:vsipa8H/vvdk73WNw6kExxcV2l8
Score

6^/10

discovery evasion persistence
- Acquires the wake lock
- Makes use of the framework's foreground persistence service
  Application may abuse the framework's foreground service to continue running in the foreground.
  evasion persistence
- Queries information about active data network
  discovery
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Mobile v15

Initial Access

Execution

Persistence

Foreground Persistence

Privilege Escalation

Defense Evasion

Foreground Persistence

Credential Access

Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistence

behavioral2

discoveryevasionpersistence

behavioral3

discoveryevasionpersistence